<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class User extends CI_Controller {
	
	var $sidebardata = array('page'=>'user');

	public function index()
	{
		$userid = $this->loginc->getUserId();
		$oldAuth = $this->auth->getUserAuth($userid);
		//传入权限列表，用于控制topnav的显示
		$this->sidebardata['userAuth'] = $oldAuth;
		
		
		$this->page->showSide($this->sidebardata,'content/user/main');

	}
	
	public function userlist()
	{
		$userid = $this->loginc->getUserId();
		$oldAuth = $this->auth->getUserAuth($userid);
		$this->sidebardata['userAuth'] = $oldAuth;
		
		// delete user
		if(isset($_POST['delete']))
		{
			if (@in_array("删除用户",$oldAuth))
			{
				if (isset($_POST['check']))
				{
					foreach ($_POST['check'] as $i=>$name){
						//echo $name;
						if ($name == $userid)
						{
							$this->sidebardata['FailMsg'] = "无法删除自己！";
						}
						else
						{
							$sql = "DELETE FROM user WHERE User_ID = '".$name."'";
							$this->db->query($sql);
						}
					}
				}
				else
				{
						$this->sidebardata['WarningMsg'] = "请选择要删除的用户！";
				}
			}
			else
			{
				$this->sidebardata['FailMsg'] = "权限异常！";
			}
		}
		
		//
		if(isset($_POST['insert']))
		{
			if (@in_array("删除用户",$oldAuth))
			{
				if(empty($_POST['User_ID']) || empty($_POST['Password']) || empty($_POST['Group_Name']) || empty($_POST['Name']))
				{
					echo '<script>';
					echo 'alert("带*号的为必填项")';
					echo '</script>';
				}
				else
				{
					$uid = $_POST['User_ID'];
					$psd = MD5($_POST['Password']);
					$grn = $_POST['Group_Name'];
					$name = $_POST['Name'];
					if(empty($_POST['First_Name']))
						$fname = null;
					else $fname = $_POST['First_Name'];
					if(empty($_POST['Last_Name']))
						$lname = null;
					else $lname = $_POST['Last_Name'];
					if(empty($_POST['Sex']))
						$sex = null;
					else $sex = $_POST['Sex'];
					if(empty($_POST['Faculty_ID']))
						$fid = null;
					else
					{
						$sql = "select Faculty_ID from faculty where Faculty = '".$_POST['Faculty_ID']."'";
						$que = $this->db->query($sql);
						$fid =  $que->row()->Faculty_ID;
					}
					if(empty($_POST['Faculty_Before_ID']))
						$fbid = null;
					else 
					{
						$sql = "select Faculty_ID from faculty where Faculty = '".$_POST['Faculty_Before_ID']."'";
						$que = $this->db->query($sql);
						$fbid =  $que->row()->Faculty_ID;
					}
					if(empty($_POST['Title']))
						$title = null;
					else $title = $_POST['Title'];
					if(empty($_POST['Duty']))
						$duty = null;
					else $duty = $_POST['Duty'];
					if(empty($_POST['JobNo']))
						$jno = null;
					else $jno = intval($_POST['JobNo']);
					if(empty($_POST['FixTel']))
						$ftel = null;
					else $ftel = intval($_POST['FixTel']);
					if(empty($_POST['Mobile']))
						$mob = null;
					else $mob = intval($_POST['Mobile']);
					if(empty($_POST['Birth']))
						$birth = null;
					else $birth = $_POST['Birth'];
					if(empty($_POST['Email']))
						$email = null;
					else $email = $_POST['Email'];
					if(empty($_POST['Remark']))
						$rem = null;
					else $rem = $_POST['Remark'];
					if(empty($_POST['PhotoLink']))
						$plink = null;
					else $plink = $_POST['PhotoLink'];
	
					//检查User_id 是否冲突
					$sql = "select User_ID from user where User_ID = '$uid'";
					$query = $this->db->query($sql);
					if ($query->num_rows() != 0)
					{
						$this->sidebardata['FailMsg'] = "User_ID已经存在，无法添加该用户";
					}
					else
					{
						//密码在MD5加密有存入数据库
						$sql = "insert into user values('$uid', '$psd', '$grn', '$name', '$fname', '$lname', '$sex', $fid, $fbid, '$title', '$duty', ".($jno == null ? 'null' : $jno).", ".($ftel == null ? 'null' : $ftel).", ".($mob == null ? 'null' : $mob).", '$birth', '$email', '$rem', '$plink');";
						$this->db->query($sql);
						$this->sidebardata['SuccessMsg'] = "$uid 添加成功";
					}
				}
			}
			else
			{
				$this->sidebardata['FailMsg'] = "权限异常！";
			}
		}
		
		// search
		if(isset($_POST['query']))
		{
			$sql = "select * from user where ";
			if(!empty($_POST['User_ID']) && trim($_POST['User_ID']) != 0)
			{
				$sql = $sql."User_ID = '".$_POST['User_ID']."'";
			}
			if (! (substr($sql,strlen($sql) - strlen("where ")) == "where ") )
			{
				$res = $this->db->query($sql);
				$this->sidebardata['res'] = $res;
			}
			else
			{
				$this->sidebardata['WarningMsg'] = "请输入有效的查询条件";	
			}
		}
		
		$this->page->showSide($this->sidebardata,'content/user/userlist');

	}
	
	public function schoollist()
	{
		$userid = $this->loginc->getUserId();
		$oldAuth = $this->auth->getUserAuth($userid);
		$this->sidebardata['userAuth'] = $oldAuth;
		$this->page->showSide($this->sidebardata,'content/user/schoollist');
	}
	
	public function userauth()
	{
		$userid = $this->loginc->getUserId();
		$optuser = '';
		$oldAuth = $this->auth->getUserAuth($userid);
		$this->sidebardata['userAuth'] = $oldAuth;
		$this->sidebardata['list'] = $this->auth->getAuthList();
		//判断权限
		if (@in_array("修改权限",$oldAuth))
		{
			if (@isset($_POST['set']))
			{
				$userAuth = isset($_POST['item']) ? $_POST['item'] : array();
				$optuser = $_POST['optuser'];
				$this->auth->setUserAuth($optuser,$userAuth);
			}
			$optuser = '';
			$optoldAuth = array();;
			
			if (@isset($_GET['submit']))
			{
				$optuser = $_GET['optuser'];
				$optoldAuth = $this->auth->getUserAuth($optuser);
			}
			$this->sidebardata['optuserAuth'] = $optoldAuth;
			$this->sidebardata['optuser'] = $optuser;
			$this->sidebardata['oldAuth'] = $oldAuth;
		}
		else
		{
				$this->sidebardata['FailMsg'] = "无法修改权限";
		}
		
		$this->page->showSide($this->sidebardata,'content/user/auth');

	}
	
}

/* End of file user.php */
/* Location: ./application/controllers/user.php */